CyberSecurity Pulse 2017-07-11

“A problem is a chance for you to do your best.”
Duke Ellington

Analyst Insight

Tensions Between Russia and the United States Affect Kaspersky Lab

A provision in a Senate spending bill that is likely to become law would bar the Defense Department from doing business with Kaspersky Lab. In recent months, U.S. intelligence officials have expressed concerns that the company is a security risk, without specifying the basis of those concerns.

Last month, Sen. Marco Rubio, R-Fla., asked the chiefs of the NSA, Central Intelligence Agency, FBI and three other intelligence agencies during a hearing whether they would be comfortable using Kaspersky products. Each said no. "This has led to a consensus in Congress and among administration officials that Kaspersky Lab cannot be trusted to protect critical infrastructure, particularly computer systems vital to our nation’s security", said Sen.

In a statement, Kaspersky Lab said it "has no ties to any government, and the company has never helped, nor will help, any government in the world with its cyberespionage efforts". It is unacceptable for any company to be accused without hard evidence to back up the allegations. Moreover, these accusations come while the alleged Russian interference in the American elections is still fresh in the media, having again filled several newspapers this weekend because of the meeting between Donald Trump and Vladimir Putin regarding the creation of a transnational cyberintelligence unit to fight cyberthreats.

» More information at NBC News

Top Stories

Defense Contractors Will Be Held to Higher Cyberstandards

Defense contractors in the United States will soon be held to the same cybersecurity standards that the Defense Department has implemented in recent years, according to a top IT official at the Pentagon. "The cyberthreat is not going away. We have to defend our networks and systems and you’re part of that defense", acting DOD CIO John Zangardi said Friday. "DOD is facing the same threats that you are. And with these regulations, we are asking to implement some of the same defenses as we are implementing for the department’s networks". The new DOD regulation covering how contractors respond to and report cyberincidents will go into effect, and defense contractors have until the end of calendar year 2017 to begin complying.

» More information at Department of Defense

Hackers Are Targeting Nuclear Facilities, According to Homeland Security and the FBI

The New York Times has reported that the Department of Homeland Security (DHS) and the FBI have issued a joint report providing details of a series of malware attacks targeting employees of companies that operate nuclear power plants in the US, including the Wolf Creek Nuclear Operating Corporation. The attacks have been taking place since May, as detailed in the report issued by federal officials last week and sent out to industry. The amber alert to industry, the second-highest level of severity for these types of reports from the FBI and DHS, noted that the attacks had been focused on employees' personal computers but had not managed to jump to control systems. Administrative computers and reactor control systems in most cases are operated separately, and the control networks are generally "air-gapped", that is to say, kept disconnected from networks that attach to the Internet. Although this implies another layer of security, the existence of tools such as Brutal Kangaroo, recently released by WikiLeaks, reminds us that this is not the end of the story.

» More information at The New York Times

Rest of the Week's News

0-day Skype Flaw Causes Crashes, Remote Code Execution

A critical flaw in Microsoft's Skype web messaging and call service allows attackers to crash systems and execute code. Vulnerability Lab security researcher Benjamin Kunz Mejri revealed the previously unknown vulnerability in a public security disclosure, saying the stack buffer overflow flaw, CVE-2017-9948, impacts Skype versions 7.2, 7.35, and 7.36.

» More information at Qualys

Bithumb, Fourth Largest Bitcoin Exchange, Has Been Hacked

Bithumb, one of the world's largest Bitcoin and Ether cryptocurrency exchanges, has recently been hacked, resulting in the loss of more than $1 million in cryptocurrencies after a number of its user accounts were compromised. Around 10 million won worth of bitcoins (about 8K USD) were allegedly stolen from a single victim's account, according to the Kyunghyang Shinmun, a major local newspaper, but there are several reports that figures can rise to 1.2 billion won (around 860K USD) depending on the victim.

» More information at The Hacker News

Wikileaks Unveils CIA Implants that Steal SSH Credentials from Windows and Linux PCs

WikiLeaks has published the 15th batch of its ongoing Vault 7 leak, this time detailing two alleged CIA implants that allowed the agency to intercept and exfiltrate SSH (Secure Shell) credentials from targeted Windows and Linux operating systems using different attack vectors. Dubbed BothanSpy targets the OpenSSH client on various distributions of Linux OS, including CentOS, Debian, RHEL (Red Hat), openSUSE and Ubuntu.

» More information at The Hacker News

Further Reading

NotPetya Developers Obtained NSA Exploits Weeks Before Their Public Leak

» More information at Ars Technica UK

Researchers Crack 1024-bit RSA Encryption in GnuPG Crypto Library

» More information at The Hacker News

The Author of the Original Petya Ransomware Released the Master Key

» More information at Security Affairs

Obama Reportedly Ordered Implants To Be Deployed in Key Russian Networks

» More information at Ars Technica UK